Today, e-commerce is growing at a fast pace and offers great convenience to users. One important aspect in e-commerce is how to protect personal and/or private information. Sensitive personal and/or private information of users is frequently needed to complete transactions, such as ages of the users, addresses of the users, credit card information, etc. In addition to providing the information, the users have to prove to an entity, such as an online product/service provider, that the information provided is true and accurate. For example, an online wine seller may require a purchaser of alcohol to provide proof that the purchaser is over the legal drinking age.
One conventional approach for the users to prove to the online product/service providers that the information provided is true and accurate is to submit authenticated version or certified version of the information from an authoritative party to online product/service providers. The authoritative party as described herein refers to a party, trusted by the online product/service providers, that is authorized to certify that some predetermined information about the users is true and accurate. For example, the authoritative party may be a government agency, such as the departments of motor vehicles in various states, which are authorized to certify certain information, such as the driver license numbers and ages of drivers, in the respective states. As such, the users may request the authoritative party to send a certified version of their personal information to the online product/service providers.
However, the above approach may compromise the user's privacy for the following reason. When the authoritative party sends a certified version of the users' personal information to the online product/service providers, the authoritative party may keep track of the kind of personal information sent, the online product/service providers patronized by the users, the type of products and/or services accessed by the users, etc., without prior consent from the users. As a result, the authoritative party may collect and compile data on a user's online activities without the consent, or even the knowledge, of the user. Such action on the part of the authoritative party severely invades the privacy of the user.